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Amendments to the Claims 

1-23. (canceled) 

24. (currently amended) A device, comprising: 

a distributor unit in the device that distributes a plurality of packets in a 
data flow between a source and the device and a first set of security association 
information for each of the plurality of packets according to a distribution scheme and 
updates a second set of security association information for on e or more of a packet in 
the plurality of packets; and 

a plurality of security processing engines in the device, coupled to the 
distributor unit, configurable to perform authentication, encryption, or decryption 
functions, 

wherein each of the plurality of security processing engines receives a 
packet and at least a portion of the first set of security association information 
associated with the packet, and wherein the plurality of security processing engines 
process the plurality of packets in parallel. 

25. (previously presented) The device of claim 24, wherein the plurality of 
packets are buffered prior to being processed by the plurality of security processing 
engines. 

26. (previously presented) The device of claim 24, further comprising a 
classification module that determines security association information associated with 
each packet in the plurality of packets, wherein the classification module is 
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configured to provide at least a portion of the security information associated with 

each packet to the distributor unit. 

27. (previously presented) The device of claim 24, wherein the distributor 
unit and the plurality of security processing engines are on the same chip. 

28. (previously presented) The device of claim 24, wherein the security 
association information includes a sequence number, an anti-replay window, and a 
lifetime of the security association. 

29. (previously presented) The device of claim 28, wherein the security 
association information further includes an encapsulating security payload (ESP) 
encryption algorithm identifier and one or more ESP encryption keys. 

30. (previously presented) The device of claim 29, wherein the security 
association information further includes an ESP authentication algorithm identifier 
and one or more ESP authentication keys. 

31. (previously presented) The device of claim 28, wherein the security 
association information further includes an authentication header (AH) authentication 
algorithm identifier and one or more AH authentication keys. 

32. (previously presented) The device of claim 28, wherein the security 
association information includes protocol mode information. 

33. (previously presented) The device of claim 24, wherein the distribution 
scheme is a round-robin distribution scheme, wherein the distributor unit selects a 
next available security processing engine in a round-robin manner. 



- 4 - KRISHNA et al. 

Appl. No. 09/610,798 

34. (previously presented) The device of claim 24, further comprising an 
order maintenance packet retirement unit. 

35. (previously presented) The device of claim 34, wherein the distributor 
unit assigns packets for processing to a next available security processing engine 
regardless of the order received and the order maintenance packet retirement unit 
outputs the processed packets such that packet order is maintained. 

36. (previously presented) The device of claim 24, wherein the device is a 

router. 

37. (previously presented) The device of claim 24, wherein the device is a 
firewall. 

; 38. (previously presented) The device of claim 24, wherein the device is a 
network communication device. 

39. (previously presented) The device of claim 24, wherein the device 
system is a security gateway. 

40. (previously presented) The device of claim 24, wherein the device is a 

server. 

41. (previously presented) The device of claim 24, wherein the device is a 
network line card. 

42. (currently amended) The device of claim 24, wherein the distributor unit 
is configured to update updates the second set of security information for a packet in 
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the plurality of packets after the associated packet has been processed by one of the 

plurality of security processing engines. 

43. (previously presented) The device of claim 24, wherein the distributor 
unit includes a memory configured to store a copy of the security association 
information associated with each packet being processing by the plurality of security 
processing engines. 

44. (previously presented) The device of claim 43 , wherein the memory is 
further configured to store a copy of the security association information associated 
with each packet being buffered by the plurality of security processing engine. 



